A newly discovered Disney Plus scam is phishing for your banking information, using an e-mail with a very eye-catching hook: a ‘technical incident’ warning. Here’s what you should be looking out for to stay safe.
The Disney Plus Scam Uses The Oldest Tricks In The Book (of Phishing)
The phishing campaign is spreading via malicious e-mails pretending to come from the streaming platform. They are designed to trick Disney Plus users into entering their sensitive information on sites that are in no way connected with the service.
The phishers are luring subscribers to sketchy websites where they can steal valuable banking information by creating a sense of panic. Their approach uses one of the oldest phishing tricks – creating a sense of panic or urgency by telling the potential victim that their subscription could not be renewed due to a ‘technical incident’.
This is a tactic that attackers commonly use, designed to panic the victim into updating their ‘billing information’, under threat of the streaming service being withdrawn.
Clicking on the link attached in the e-mail will redirect you to a website that will prompt you to fill in your sensitive personal information – your bank details.
If you do enter and submit the requested info, you’ll have given highly important information to the bad guys, which is exactly what they’re crossing their fingers for.
How To Spot A Disney Plus Fake Email
Creating a sense of emergency and/or panic is a very frequently used phishing email strategy. If you receive an email out of the blue that asks you to take a certain action immediately, keep your cool and take your time to analyze the email thoroughly.
Check the address the message was sent from, and hover your mouse over the URL contained in it – if anything looks suspicious, for instance, it’s displaying a website that doesn’t look like the official Disney+ URL, which is https://www.disneyplus.com/, proceed with caution. Do not click on it and double-check with Disney Plus instead, using a form of contact listed on their official website.
Alternatively, you can also log into your Disney Plus account separately, away from the suspicious email, and check if something is up.
Disney states that it will never contact its users via social media, email, text, or phone call asking for payment or your private account credentials, such as a password or payment information.
Red Flags In Any Phishing Email
If the email you’ve received…
- Repeatedly asks you to take an urgent action
- Has spelling and/or grammar errors
- Opens with an unfamiliar greetings
- Comes from an unfamiliar address
- Contains suspicious links, attachments, and domain names
- Brings you too-good/bad-to-be-true offers or information
- Requests Sensitive Data
…there’s a very high chance you’re being phished.
Educate Your Employees With ATTACK Simulator’s Phishing Simulations
Thinking you’ll dodge the bullet (or hook)? Think again. Figures paint a rather grim cybercrime landscape.
Phishing attacks can be catastrophic, resulting in immense financial damage or even the end of your business.
- To prevent cyberattacks and breaches
- To strenghten your technological defenses
- To attract more customers
- To make you more socially responsible
- To empower your employees
- To meet compliance standards
- To prevent downtimes and maintain a good reputation
Our realistic phishing simulations will expose your employees to life-like hands-on fake phishing attacks.
Here are some awesome perks of choosing us:
- Automated attack simulation – we simulate all kinds of cyberattacks: phishing, malware, ransomware, spear-phishing, identity theft, online privacy attacks, online scams etc.
- Real-life scenarios – we evaluate users’ vulnerability to giving company-related or personal data away using realistic web pages.
- User behavior analysis – we gather user data and compile it into extensive reports to give you a detailed picture of your employees’ security awareness level.
- Malicious file replicas – our emails contain malware file replicas, to make the simulation as realistic as it can be.
- Interactive lessons – if employees fail to recognize our traps and fall into one, they will be redirected to landing pages with quick reads on the best security practices.
- We impersonate popular brands on our simulated phishing pages – the user will be more tempted to click on the URL or open the attachment in the email.
ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irremediable damage.
The Money Edit Disney+ scam emails: fake ‘technical incident’ warning